diff options
Diffstat (limited to 'contrib/solaris/buildpkg.sh')
| -rwxr-xr-x | contrib/solaris/buildpkg.sh | 67 |
1 files changed, 37 insertions, 30 deletions
diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh index c41b3f963..29d096306 100755 --- a/contrib/solaris/buildpkg.sh +++ b/contrib/solaris/buildpkg.sh | |||
| @@ -5,7 +5,7 @@ | |||
| 5 | # The following code has been provide under Public Domain License. I really | 5 | # The following code has been provide under Public Domain License. I really |
| 6 | # don't care what you use it for. Just as long as you don't complain to me | 6 | # don't care what you use it for. Just as long as you don't complain to me |
| 7 | # nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org) | 7 | # nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org) |
| 8 | # | 8 | # |
| 9 | umask 022 | 9 | umask 022 |
| 10 | # | 10 | # |
| 11 | # Options for building the package | 11 | # Options for building the package |
| @@ -13,7 +13,7 @@ umask 022 | |||
| 13 | # | 13 | # |
| 14 | # uncommenting TEST_DIR and using | 14 | # uncommenting TEST_DIR and using |
| 15 | # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty | 15 | # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty |
| 16 | # and | 16 | # and |
| 17 | # PKGNAME=tOpenSSH should allow testing a package without interfering | 17 | # PKGNAME=tOpenSSH should allow testing a package without interfering |
| 18 | # with a real OpenSSH package on a system. This is not needed on systems | 18 | # with a real OpenSSH package on a system. This is not needed on systems |
| 19 | # that support the -R option to pkgadd. | 19 | # that support the -R option to pkgadd. |
| @@ -23,9 +23,10 @@ SYSVINIT_NAME=opensshd | |||
| 23 | MAKE=${MAKE:="make"} | 23 | MAKE=${MAKE:="make"} |
| 24 | SSHDUID=67 # Default privsep uid | 24 | SSHDUID=67 # Default privsep uid |
| 25 | SSHDGID=67 # Default privsep gid | 25 | SSHDGID=67 # Default privsep gid |
| 26 | # uncomment these next two as needed | 26 | # uncomment these next three as needed |
| 27 | #PERMIT_ROOT_LOGIN=no | 27 | #PERMIT_ROOT_LOGIN=no |
| 28 | #X11_FORWARDING=yes | 28 | #X11_FORWARDING=yes |
| 29 | #USR_LOCAL_IS_SYMLINK=yes | ||
| 29 | # list of system directories we do NOT want to change owner/group/perms | 30 | # list of system directories we do NOT want to change owner/group/perms |
| 30 | # when installing our package | 31 | # when installing our package |
| 31 | SYSTEM_DIR="/etc \ | 32 | SYSTEM_DIR="/etc \ |
| @@ -81,7 +82,7 @@ export PATH | |||
| 81 | # we will look for config.local to override the above options | 82 | # we will look for config.local to override the above options |
| 82 | [ -s ./config.local ] && . ./config.local | 83 | [ -s ./config.local ] && . ./config.local |
| 83 | 84 | ||
| 84 | ## Start by faking root install | 85 | ## Start by faking root install |
| 85 | echo "Faking root install..." | 86 | echo "Faking root install..." |
| 86 | START=`pwd` | 87 | START=`pwd` |
| 87 | OPENSSHD_IN=`dirname $0`/opensshd.in | 88 | OPENSSHD_IN=`dirname $0`/opensshd.in |
| @@ -98,20 +99,20 @@ fi | |||
| 98 | ## Fill in some details, like prefix and sysconfdir | 99 | ## Fill in some details, like prefix and sysconfdir |
| 99 | for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir | 100 | for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir |
| 100 | do | 101 | do |
| 101 | eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` | 102 | eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` |
| 102 | done | 103 | done |
| 103 | 104 | ||
| 104 | 105 | ||
| 105 | ## Collect value of privsep user | 106 | ## Collect value of privsep user |
| 106 | for confvar in SSH_PRIVSEP_USER | 107 | for confvar in SSH_PRIVSEP_USER |
| 107 | do | 108 | do |
| 108 | eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` | 109 | eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` |
| 109 | done | 110 | done |
| 110 | 111 | ||
| 111 | ## Set privsep defaults if not defined | 112 | ## Set privsep defaults if not defined |
| 112 | if [ -z "$SSH_PRIVSEP_USER" ] | 113 | if [ -z "$SSH_PRIVSEP_USER" ] |
| 113 | then | 114 | then |
| 114 | SSH_PRIVSEP_USER=sshd | 115 | SSH_PRIVSEP_USER=sshd |
| 115 | fi | 116 | fi |
| 116 | 117 | ||
| 117 | ## Extract common info requires for the 'info' part of the package. | 118 | ## Extract common info requires for the 'info' part of the package. |
| @@ -243,16 +244,16 @@ fi | |||
| 243 | 244 | ||
| 244 | if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null | 245 | if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null |
| 245 | then | 246 | then |
| 246 | echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" | 247 | echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" |
| 247 | echo "or group." | 248 | echo "or group." |
| 248 | else | 249 | else |
| 249 | echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." | 250 | echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." |
| 250 | 251 | ||
| 251 | # create group if required | 252 | # create group if required |
| 252 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | 253 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null |
| 253 | then | 254 | then |
| 254 | echo "PrivSep group $SSH_PRIVSEP_USER already exists." | 255 | echo "PrivSep group $SSH_PRIVSEP_USER already exists." |
| 255 | else | 256 | else |
| 256 | # Use gid of 67 if possible | 257 | # Use gid of 67 if possible |
| 257 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null | 258 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null |
| 258 | then | 259 | then |
| @@ -260,15 +261,15 @@ else | |||
| 260 | else | 261 | else |
| 261 | sshdgid="-g $SSHDGID" | 262 | sshdgid="-g $SSHDGID" |
| 262 | fi | 263 | fi |
| 263 | echo "Creating PrivSep group $SSH_PRIVSEP_USER." | 264 | echo "Creating PrivSep group $SSH_PRIVSEP_USER." |
| 264 | \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER | 265 | \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER |
| 265 | fi | 266 | fi |
| 266 | 267 | ||
| 267 | # Create user if required | 268 | # Create user if required |
| 268 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | 269 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null |
| 269 | then | 270 | then |
| 270 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." | 271 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." |
| 271 | else | 272 | else |
| 272 | # Use uid of 67 if possible | 273 | # Use uid of 67 if possible |
| 273 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null | 274 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null |
| 274 | then | 275 | then |
| @@ -276,10 +277,10 @@ else | |||
| 276 | else | 277 | else |
| 277 | sshduid="-u $SSHDUID" | 278 | sshduid="-u $SSHDUID" |
| 278 | fi | 279 | fi |
| 279 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." | 280 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." |
| 280 | \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER | 281 | \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER |
| 281 | \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER | 282 | \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER |
| 282 | fi | 283 | fi |
| 283 | fi | 284 | fi |
| 284 | 285 | ||
| 285 | [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start | 286 | [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start |
| @@ -358,18 +359,24 @@ cat >mk-proto.awk << _EOF | |||
| 358 | BEGIN { print "i pkginfo"; print "i preinstall"; \\ | 359 | BEGIN { print "i pkginfo"; print "i preinstall"; \\ |
| 359 | print "i postinstall"; print "i preremove"; \\ | 360 | print "i postinstall"; print "i preremove"; \\ |
| 360 | print "i request"; print "i space"; \\ | 361 | print "i request"; print "i space"; \\ |
| 361 | split("$SYSTEM_DIR",sys_files); } | 362 | split("$SYSTEM_DIR",sys_files); } |
| 362 | { | 363 | { |
| 363 | for (dir in sys_files) { if ( \$3 != sys_files[dir] ) | 364 | for (dir in sys_files) { if ( \$3 != sys_files[dir] ) |
| 364 | { \$5="root"; \$6="sys"; } | 365 | { \$5="root"; \$6="sys"; } |
| 365 | else | 366 | else |
| 366 | { \$4="?"; \$5="?"; \$6="?"; break;} | 367 | { \$4="?"; \$5="?"; \$6="?"; break;} |
| 367 | } } | 368 | } } |
| 368 | { print; } | 369 | { print; } |
| 369 | _EOF | 370 | _EOF |
| 370 | find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \ | 371 | find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \ |
| 371 | pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype | 372 | pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype |
| 372 | 373 | ||
| 374 | # /usr/local is a symlink on some systems | ||
| 375 | [ "${USR_LOCAL_IS_SYMLINK}" = yes ] && { | ||
| 376 | grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new | ||
| 377 | mv prototype.new prototype | ||
| 378 | } | ||
| 379 | |||
| 373 | ## Step back a directory and now build the package. | 380 | ## Step back a directory and now build the package. |
| 374 | echo "Building package.." | 381 | echo "Building package.." |
| 375 | cd .. | 382 | cd .. |